Key Management Insights: Code Signing

About

Welcome to the Thales Key Management digital media news centre.
As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost then that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

This Thales media center provides information on international industry issues and trends relating to the general topic of key management. There's a also a Q & A page here which aims to answer some of the frequently asked questions on the subject. Key management affects organizations across all sectors and this site includes information on global best practices, regulation, technology, deployment scenarios and key management strategy.

Thales leads in the provision of information and communication systems security solutions for government, defence, critical infrastructure, enterprise and the finance industry. Thales’s comprehensive portfolio of security products and services protect electronic information – safeguarding transactions, IT operations and information transfers within highly sensitive and regulated environments.

Subscribe by email

Subscribe by RSS

Find out more at http://www.thales-esecurity.com/

Visit our payments site at www.paymentssecurity.com

Contributors

Richard Moulds, EVP of product strategy, Thales e-Security

Mark Knight, Director, Product Management, Thales e-Security

John Grimm, Senior Director of Product Marketing, Thales e-Security

Nick Pope, Principal Consultant, Thales e-Security

Resources

Press releases

Case studies

Product data sheets

White papers

June 08, 2012

Why code signing matters

Code signing has been a popular topic over the last fortnight.

Yahoo was quick to patch an embarrassing key management error with the signing key used in their new Axis browser extension for Chrome that was discovered by Security blogger Nik Cubrilovic [1].
Microsoft has published [2] a security advisory revoking trust in a number of digital certificates that may have been abused to sign parts of the recently discovered “Flame” malware.

The use of code signing technology is an essential tool in helping to establish the trust we now demand from the Internet of things. It’s worth taking a moment to consider the potential impact when there’s a loss of control of a code signing key or certificate.

Continue reading "Why code signing matters" »

Posted at 10:06 in Code Signing, Encryption | Permalink

Key Management Q&A

Want to know more about key management? This Q & A might help provide some answers

Key management resources

Encryption key management news
IEEE
Implementing the Payment Card Industry Data Security Standards (PCI DSS)
NIST
PCI Security Standards
SC Magazine
Visa's list of PCI DSS validated service providers

Press contact

Liz Harris
Thales
+44 (0)1223 723612

Key Management Insights